cli-highlight
The cli-highlight npm package is a syntax highlighter for the command line. It takes code as input and outputs it with syntax highlighting, making it easier to read and understand. It supports a wide range of programming languages and can be used both as a command-line tool and as a library in Node.js applications.
Syntax highlighting in the terminal
This feature allows you to highlight syntax of code snippets directly in the terminal. The code sample demonstrates how to use the highlight function from the cli-highlight package to syntax highlight a JavaScript code snippet.
const highlight = require('cli-highlight').highlight;
console.log(highlight('const x = 1;', {language: 'javascript', theme: 'default'}));
Highlight code from a file
This feature allows you to read code from a file and output it with syntax highlighting in the terminal. The code sample shows how to read a JavaScript file and use the highlight function to apply syntax highlighting.
const highlight = require('cli-highlight').highlight;
const fs = require('fs');
fs.readFile('example.js', 'utf8', (err, code) => {
  if (err) throw err;
  console.log(highlight(code, {language: 'javascript', theme: 'default'}));
});
Use as a command-line tool
cli-highlight can also be used as a standalone command-line tool. This code sample demonstrates how to use cli-highlight to highlight a JavaScript file named 'example.js' using the default theme.
highlight -l javascript -t default example.js
Chalk is a popular npm package for styling terminal strings. Unlike cli-highlight, which is focused on syntax highlighting, Chalk allows you to apply custom styles like colors, background colors, and text styles to strings in the terminal.
pygmentize-bundled is an npm package that provides syntax highlighting by wrapping the Python Pygments library. It offers a wide range of languages and styles, similar to cli-highlight, but requires Python to be installed on the system.
Cardinal is another syntax highlighter for JavaScript code that can be used in the terminal. It is similar to cli-highlight but is specifically designed for JavaScript and includes features like line numbers and custom themes.
Syntax highlighting in your terminal
Output a file
$ highlight package.json
Color output of another program with piping. Example: A database migration script that logs SQL Queries
$ db-migrate --dry-run | highlight
Command line options:
Usage: highlight [options] [file]

Outputs a file or STDIN input with syntax highlighting

Options:
  --language, -l  Set the langugage explicitely
                  If omitted will try to auto-detect
  --theme, -t     Use a theme defined in a JSON file
  --version, -v   Show version number                 [boolean]
  --help, -h      Show help                           [boolean]
You can use this module programmatically to highlight logs of your Node app. Example:
const highlight = require('cli-highlight').highlight
const Sequelize = require('sequelize')
const db = new Sequelize(process.env.DB, {
  logging(log) {
    console.log(highlight(log, {language: 'sql', ignoreIllegals: true}))
  }
})
Detailed API documentation can be found here.
You can write your own theme in a JSON file and pass it with --theme. The key must be one of the highlight.js CSS class names or "default", and the value must be one or an array of Chalk styles to be applied to that token.
{
  "keyword": "blue",
  "built_in": ["cyan", "dim"],
  "string": "red",
  "default": "gray"
}
The style for "default" will be applied to any substrings not handled by highlight.js. The specifics depend on the language but this typically includes things like commas in parameter lists, semicolons at the end of lines, etc.
The theme is combined with the default theme. The default theme is still not colored a lot or optimized for many languages, PRs welcome!
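A theme file that comes from outside the project is untrusted input, so it can be checked against the rules above before it is used. The following is an added example, not code from cli-highlight: validateTheme, mergeThemes and CHALK_STYLES are hypothetical names, the style list assumes only Chalk's named modifiers and 16 colors are accepted, and the per-key override in mergeThemes is an assumption about how a theme is combined with a base theme.

```javascript
// Added example (not cli-highlight's own code): check a theme object's shape.
// Assumption: only Chalk's named modifiers and 16 colors are valid style names.
const MODIFIERS = ['reset', 'bold', 'dim', 'italic', 'underline', 'inverse', 'hidden', 'strikethrough', 'visible'];
const BASE = ['black', 'red', 'green', 'yellow', 'blue', 'magenta', 'cyan', 'white'];
const FG = [...BASE, 'gray', 'grey', ...BASE.map((c) => c + 'Bright')];
const cap = (s) => s[0].toUpperCase() + s.slice(1);
const CHALK_STYLES = new Set([...MODIFIERS, ...FG, ...FG.map((c) => 'bg' + cap(c))]);

// Hypothetical helper: returns { theme, errors }. Valid values are normalized to
// arrays of style names; allowedKeys (optional Set) restricts the token classes.
function validateTheme(raw, allowedKeys) {
  const errors = [];
  const theme = Object.create(null); // null prototype: a "__proto__" key is plain data
  if (raw === null || typeof raw !== 'object' || Array.isArray(raw)) {
    return { theme, errors: ['theme must be a JSON object'] };
  }
  for (const [key, value] of Object.entries(raw)) {
    if (allowedKeys && !allowedKeys.has(key)) {
      errors.push(`unknown token class "${key}"`);
      continue;
    }
    const styles = Array.isArray(value) ? value : [value];
    const bad = styles.filter((s) => typeof s !== 'string' || !CHALK_STYLES.has(s));
    if (styles.length === 0 || bad.length > 0) {
      errors.push(`"${key}": invalid style(s) ${JSON.stringify(bad)}`);
      continue;
    }
    theme[key] = styles;
  }
  return { theme, errors };
}

// Combine a validated user theme with a base theme; user entries win per key.
function mergeThemes(base, user) {
  return { ...base, ...user };
}

// Constructed sample input: the theme shown above plus two invalid entries.
const sample = JSON.parse(`{
  "keyword": "blue",
  "built_in": ["cyan", "dim"],
  "string": "red",
  "default": "gray",
  "number": "#ff0000",
  "comment": ["green", 42]
}`);
const result = validateTheme(sample);
console.log(result.errors);
console.log(mergeThemes({ keyword: ['cyan'], comment: ['gray'] }, result.theme));
```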
All languages of highlight.js are supported. Check a CI build for examples of all the different languages and their highlighting.
The module is written in TypeScript and can be compiled with npm run build. npm run watch starts tsc in watch mode. Tests are written with mocha.
Improving language support is done by adding more colors to the tokens in the default theme and writing more tests.
FAQs
The npm package cli-highlight receives a total of 2,996,825 weekly downloads. As such, cli-highlight's popularity was classified as popular.
We found that cli-highlight demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.